I've been using and administering Splunk Enterprise since Splunk 4. I have certifications up to the current Splunk Architect level.
While I don't know that this will help any sort of transition, I'm interested in a move to cybersecurity and I'm looking at the one Splunk Enterprise Security certification that Splunk offers (Admin).
When reading the course descriptions, it seems to me that there's a lot of overlap between the "Using Splunk for Enterprise Security" course and the "Administering Splunk for Enterprise Security" courses.
Does anyone know if taking the admin course would actually cover most of what's in the Using course? That is, would being an admin mostly prepare you to be a user as well or do you really have to take both to understand anything other than being an admin?
I ask because I was unable to access SES at my previous job (just used Splunk in the regular IT sense). I find myself unemployed at the moment and while I can't show any experience on the SES side, I would like to at least show that I've done something serious with regards to SES.
Thanks very much
The ES Admin course will give you a nice overview of the frameworks ES is running on and how to use them. It's a key to understand them if you ever want to get into a big ES deployment which should run smoothly.
It totally depends on how an organisation works with ES, but the course is good for beginners to understand what makes ES different from "core" (Splunk Enterprise) and the reasons why it's used by so many.